Sign in
Microsoft.com
 
Microsoft
 
 
 
Microsoft >
Use powershell to create ADFS relying party trusts and rules

Answered Use powershell to create ADFS relying party trusts and rules

  • Saturday, March 17, 2012 2:57 PM
     
     
    Sign In to Vote
    0

    Does anyone have a powershell script that creates the relying party trust and all of the rules required for claims-based authentication and IFD setup in CRM 2011?

    Those 3 rules you have to go through, once each for internal and IFD access, are a major pain when you're doing them over and over again troubleshooting.

    Thanks!

    Blog: http://andrewbschultz.com @andrewbschultz

     

All Replies

  • Sunday, March 18, 2012 3:50 PM
     
     Answered Has Code
    Sign In to Vote
    2

    Create a text file called ClaimIssuanceRules.txt (the filename doesn't matter, just name it anything descriptive you like), the content of the files are as follows:

    @RuleTemplate = "PassThroughClaims"
@RuleName = "Pass Through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass Through Primary SID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
 => issue(claim = c);

@RuleTemplate = "MapClaims"
@RuleName = "Transform Windows Account Name to Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", 
    Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType
	= c.ValueType);

    Then run the following PowerShell command

    Add-ADFSRelyingPartyTrust -Name CRMTrust -MetadataUrl "https://YOURCRMServerURL/FederationMetadata/2007-06/FederationMetadata.xml" -IssuanceTransformRulesFile "C:\ClaimIssuanceRules.txt" -AutoUpdateEnabled:$true -MonitoringEnabled:$true

    In the above command you need to change the name parameter to the Display name of the Relying Party Trust (this is the Display name you will see in ADFS interface). Change the Host of the MetadataUrl parameter to that of your CRM server. Change the -IssuanceTransformRulesFile to the path of the file you created in the first step.

    http://sherifelmetainy.blogspot.com/


     
  • Thursday, March 22, 2012 7:09 PM
     
     
    Sign In to Vote
    0
    Thanks Sherif! That's very helpful!

    Blog: http://andrewbschultz.com @andrewbschultz

     
  • Friday, August 17, 2012 12:22 PM
     
     
    Sign In to Vote
    0

    Hi Sherif,

    Where is the Command?